KETSE / casebox

Casebox: Secure all your information and team communication in one place
https://www.casebox.org

security issue with mysql user permissions. #22

Open daneryl opened 8 years ago

daneryl commented 8 years ago

Setting up a multiple core environment with a different mysql user for each one, I realized that all these users need read permissions on cb__casebox, including cb_casebox.cores, where all mysql users are stored with the password, so any user can have access to any core.

tvitalie commented 8 years ago

Hi daneryl, yes, at some point you can consider that a security issue, but in that model, when you have multiple cores on the same machine, you'll have to keep connection params for cores somewhere (in files, in db etc.) and it will always be a vulnerable place once the intruder gets access to the system.

So the accent should be on protecting the system as a whole.

To get users and pass from cores means you'll have to execute a query which is actually an sql injection. So we have to exclude sql injections and we do that.

Those core users should be allowed to connect only from localhost or specific ip (if db on a remote machine).

The users are mysql restricted users and are not system users that have shell access to the system or Casebox internal users.

If we suppose you have any of those users, you need access to localhost to authenticate with it.

So getting that info is equivalent to a system break that gives you shell access.

oburlaca commented 8 years ago

I agree with what @tvitalie said about securing your whole server, but there is definitely a security hole here.

My suggestion: we move config options related to DB connection and eventually other sensitive information from MySql cbcasebox to disk. Then we create a specific mysql to access a given core + READ ONLY access to cbcasebox.

P.S. I'm thinking of completely moving cb__casebox.cores to disk.

I'll let you know when we implement a solution.
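As an added example (not part of the thread and not Casebox code): a small audit over `SHOW GRANTS` output that lists which MySQL accounts can read `cb__casebox.cores`, at which grant scope, and whether the account may connect from any host. The grant lines, account names, core database names and the `translations` table are constructed for illustration.

```python
import re

# Constructed SHOW GRANTS lines; account, core-database and `translations` names are hypothetical.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'core_a'@'localhost'",
    "GRANT ALL PRIVILEGES ON `cb_core_a`.* TO 'core_a'@'localhost'",
    "GRANT SELECT ON `cb__casebox`.* TO 'core_a'@'localhost'",
    "GRANT SELECT ON `cb__casebox`.`translations` TO 'core_b'@'%'",
    "GRANT SELECT ON `cb\\_\\_casebox`.* TO 'core_c'@'%'",
]

GRANT_RE = re.compile(
    r"GRANT (?P<privs>.+?) ON (?P<db>`[^`]+`|\*)\.(?P<tbl>`[^`]+`|\*) "
    r"TO ['`](?P<user>[^'`]*)['`]@['`](?P<host>[^'`]*)['`]")

def db_pattern_matches(pattern, name):
    """Database-level grants treat the name as a LIKE pattern: _ and % are wildcards unless escaped."""
    rx, i = "", 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            rx, i = rx + re.escape(pattern[i + 1]), i + 1
        else:
            rx += "." if ch == "_" else ".*" if ch == "%" else re.escape(ch)
        i += 1
    return re.fullmatch(rx, name) is not None

def accounts_reading_cores(grants, db="cb__casebox", table="cores"):
    """Return sorted (account, scope, wildcard_host) for grants that allow SELECT on db.table."""
    found = set()
    for line in grants:
        m = GRANT_RE.match(line)
        if not m:
            continue
        # Drop column lists, so a column-level SELECT still counts as read access (conservative).
        privs = {p.strip().upper() for p in re.sub(r"\([^)]*\)", "", m["privs"]).split(",")}
        if not privs & {"SELECT", "ALL PRIVILEGES", "ALL"}:
            continue
        g_db, g_tbl = m["db"].strip("`"), m["tbl"].strip("`")
        if g_db == "*":
            scope = "global"
        elif g_tbl == "*" and db_pattern_matches(g_db, db):
            scope = "database"
        elif g_db == db and g_tbl == table:
            scope = "table"
        else:
            continue
        found.add((f"{m['user']}@{m['host']}", scope, "%" in m["host"]))
    return sorted(found)
```

On the sample, `core_b` is not reported because its grant names a single table other than `cores`, while `core_a` and `core_c` are reported because their `SELECT` covers the whole `cb__casebox` database.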